How to whitelist with Moralis

Posting here as a question, but also added to Feature Requests as it would be really nice to have functionality built-in.
(request here Whitelist via the MongoDB or similar and a hook/check?)

How would one go about setting up a whitelist for NFT mint (or ERC20 claim) with Moralis?

We know which wallet is logged in if they’ve authenticated with Moralis.
We can add address to the MongoDB I think, by outputting them to JSON and importing?

Next though would be how to check the connected user’s address is in the whitelist, and record how many mints they want / are allowed.
This was we can also avoid the trick where a user mints, moves NFTs out of wallet, and can continue to mint (as many contracts look to check current balance of the NFTs in question in a wallet, rather than keep track of how many have been minted by a wallet, reason being most users can get a solidity contract to check balance but can’t set up a database and queries in conjunction with a mint button so they do it the easy way and leave the whitelist open to abuse)/

So I think it’s theoretically possible. But looking for advice on the steps to do it. How do you query a custom range of data (the whitelisted addresses imported into Mongo) at mint time?


A user can make a mint without using your application. For example by sending directly the mint transaction to the blockchain. The whitelist logic should be at contract level.

Yes you’d have something in the solidity. But that skips over most of my question.
Say we do it with a merkle tree, can we use the Moralis Mongo DB to store the necessary data and have the proof in the contract? What docs should I be looking at to store/call custom data from a Moralis DB?

I don’t know exactly how you can do it in mongo db. if you don’t have too many points maybe you can save all the data in a json object, if you need a big database maybe it is better to do something custom without using mongo db

Since we can manually upload a list of addresses in JSON format
Would Moralis ever consider adding a hook so we could check currentUser is in the custom list, where listName=XYZ for example
Instant whitelisting ability with Moralis will bring in a lot of new, paying users.

when do you want to check if the user is in that custom list, at what moment?
there is a hook now for beforeSave that is called when user will login first time for example.

Rather than a merkle tree, I wonder if it would be easier for Moralis to do help with ECDSA signing for the whitelist (another lower-gas whitelist option a little similar to Merkle tree method). If we can add an array of whitelisted addresses to the database, and check if currentUser is in that list, then pass the user and the recovery hash or whatever to the solidity to be verified to mint.
The biggest problem right now with ECDSA I think is the back end of it. The solidity is rather simple. But with Moralis hooks and the built-in database it could be a lot simpler for people to do this for both ERC20 and NFTs.